The KDE Project today released a security advisory
affecting all versions of KDE 2 and KDE 3. The advisory is the culmination of
the security audit which delayed
the release of KDE 3.1 until January. The KDE Project strongly encourages all KDE users to upgrade to
KDE 3.0.5a, which was also announced
today, or to apply the patches provided
for KDE 2.2.2. Due to the year-end holidays, few binary packages are
available at this time. Please check
the KDE 3.0.5a information
page and your vendor's website periodically for available packages.
Note that some vendors are expected to incorporate
the security improvements into new builds of KDE 3.0.5.

Comments

While downloading the source for 3.0.5a and thinking of the long compile ahead on my Athlon 800 (yes, I need to compile, I make modifications to a number of the programs in KDE), I got to realizing that there aren't really that many programs in the base KDE distribution that I use. For example, all I use from kdegames is Shisen-Sho, and all I use from kdenetwork are kmail and kdict.

I was just wondering how hard it would be to be able to do a "customized" build, as in: ./configure --enable-apps=kmail,kdict --etc and just compile/install the requested programs. Currently, for kdegames, I just do a make install in libkdegames and kshisen, but that's kind of ugly. I would be eternally grateful if I could pick and choose my base applications, so compile times and disk usage would be greatly diminished.

in /etc/apt/sources.list will get an HTTP 404 error when trying to update. Either wait until the Debian packages are updated, replace '/latest/' with '/3.0.5/', or wait until Debian includes KDE 3.x in the distribution (whenever that is...?).

Krootwarning:
------------------------
'You are running a graphical interface as root.
This is a bad idea because as root, you can damage your system, and nothing will stop you.'
---------------------------------------------------------------------------------------

I am just curious.
Who is the 'nothing' ? Why and when is he going to stop me? After I had damaged my system or maybe before? Is the 'nothing' FBI?

Maybe I am too paranoid. Is it possible to send Kroot's warning to bugs.kde.org for a semantic & syntactic cleanup?

Yes, you're right, I always knew English was the wrong language. And I am sorry if I offended you but I can't stop laughing when I read this one: ' This is a bad idea because as root, you can damage your system, and nothing will stop you.'

'Try .dk for a change.'

Thanks for the advice 'anon. coward'. Ooops, sorry again, you are only 'anon'.

Dunno if someone has already said this but hats off to the KDE developers for doing the security audit. I'm sure it's not much fun going over all that code looking for these bugs. Their efforts are appreciated by many people I'm sure.